ACSC Warning for Snowflake Clients

The Australian Cyber Security Centre (ACSC) has issued an alert about heightened cyber threat activity affecting Snowflake clients. They advise Australian establishments that use Snowflake to change passwords for active accounts, deactivate inactive accounts, activate Multi-Factor Authentication (MFA), and review user actions.

Snowflake has noted and is currently investigating a surge in cyber threat activity directed at certain customer accounts. In their advisory dated June 1, 2024, Snowflake stated, “We suspect this is due to continuous, industry-wide, identity-focused attacks aimed at acquiring customer data.”

“Studies suggest that these attacks are carried out using user credentials of our customers that were exposed during separate cyber threat incidents. As of now, we do not believe this activity is a result of any vulnerability, misconfiguration, or malicious behavior within the Snowflake platform. We have promptly notified the few customers we believe may have been affected as part of our ongoing investigation,” they added.

Snowflake has released guidance to help detect unauthorized access attempts. The ACSC is closely monitoring the situation and stands ready to offer support and guidance as needed.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts